For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization, and insufficient logging and monitoring have been added. What is the significance of the additions and the subtractions? CA Veracode’s VP of Research Chris Eng recently sat down with Evan Schuman to discuss the new list and its implications. Their conversation covers:

Why the top entries in the list continue to be the same year after year

Why CSRF was removed from the list

How this list is currently used, and best practices for using it

OWASP’s methodology change after its controversial release candidate last spring

What AppSec practitioners should focus on beyond this Top 10 list

Make sure you understand this important update and its implications; listen to this 10-minute conversation today.
